malloc does not return null when out of memory
Barney Wolff
barney at databus.com
Thu Jul 24 10:55:25 PDT 2003
On Thu, Jul 24, 2003 at 01:27:38PM -0400, Jason Andresen wrote:
>
> The upshot seem to be that it is impossible to write a program that
> handles out-of-memory errors gracefully with this scheme. Even if you
> check all of your return values and configure exit paths for failed
> mallocs, your program is still going to crash and die in a random
> location without warning when memory fills up.
On a production server, when you know what will be running, you can
use ulimit to constrain each process's memory use, and malloc will
happily return 0 if you hit a constraint. On a client machine, if
you start getting these errors, the proper reaction is to configure
more swap, or fix the program that has runaway memory use.
Does anybody know if c++ exception handling on new would make recovery
from out-of-swap practical? I have a feeling it ought to do the trick.
--
Barney Wolff http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.
More information about the freebsd-stable
mailing list